When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this during internal audits to verify that supplier services and security practices are monitored, reviewed, evaluated, and changed through a controlled process.
Checklist
- Supplier monitoring procedure exists.
- Supplier owners are assigned.
- Review frequency is defined based on supplier risk.
- Supplier service reports are received.
- Supplier security reports are reviewed.
- Review results and actions are recorded.
- Supplier nonconformities are escalated and tracked.
- Supplier incidents trigger internal review where relevant.
- Supplier changes are assessed before approval where possible.
- Material changes trigger risk reassessment.
- Contract changes involve relevant stakeholders.
- Supplier audit rights are used where risk justifies them.
- Supplier audit findings are communicated, tracked, and resolved.
Related notes
- Iso27001
- ISO27002
- Template
- Audit
- A5 22
Note Metadata
Aliases: A.5.22 Checklist
Source: 90 Templates/A.5.22 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- ISO 27001 A.5.22 - Monitoring, Review and Change Management of Supplier Services
- A.5.22 Audit Evidence Pack
- Audit Evidence MOC
- AQ-ISO27001-A.5.22 Monitoring, Review and Change Management of Supplier Services
- Template - Corrective Action Tracker
- Supplier Service Review and Change Log
- Audit Evidence Index
- Templates MOC